authorAleksander Machniak <alec@alec.pl>2014-04-14 15:07:12 +0200
committerAleksander Machniak <alec@alec.pl>2014-04-14 15:07:12 +0200
commiteb0dec96134916284c5caeb57d1ad23ff67d6264 (patch)
treec47511f08f384663bc69723be88db6cb89464a77 /program
parent24e63e22188678407b180944f4c7bb9f494f09ee (diff)
Fix XSS issue in plain text spellchecker (#1489806)
Diffstat (limited to 'program')
-rw-r--r--program/js/googiespell.js9
1 files changed, 5 insertions, 4 deletions
diff --git a/program/js/googiespell.js b/program/js/googiespell.js
index 9832116dd..c33c56872 100644
--- a/program/js/googiespell.js
+++ b/program/js/googiespell.js
@@ -524,7 +524,7 @@ this.showErrorWindow = function(elm, id)
$(dummy).html(suggestions[i]);
$(item).mouseover(this.item_onmouseover).mouseout(this.item_onmouseout)
- .click(function(e) { ref.correctError(id, elm, e.target.firstChild) });
+ .click(function(e) { ref.correctError(id, elm, e.target.firstChild) });
item.appendChild(dummy);
row.appendChild(item);
@@ -565,14 +565,15 @@ this.showErrorWindow = function(elm, id)
ref.saveOldValue(elm, elm.innerHTML);
ref.updateOrginalText(offset, elm.innerHTML, edit_input.value, id);
- $(elm).attr('is_corrected', true).css('color', 'green').html(edit_input.value);
+ $(elm).attr('is_corrected', true).css('color', 'green').text(edit_input.value);
ref.hideErrorWindow();
}
return false;
};
- $(edit_input).width(120).css({'margin': 0, 'padding': 0});
- $(edit_input).val(elm.innerHTML).attr('googie_action_btn', '1');
+ $(edit_input).width(120)
+ .css({'margin': 0, 'padding': 0})
+ .val($(elm).text()).attr('googie_action_btn', '1');
$(edit).css('cursor', 'default').attr('googie_action_btn', '1');
$(ok_pic).attr('src', this.img_dir + 'ok.gif')
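Review bot: The same class of sink survives at the top of the first hunk, where `$(dummy).html(suggestions[i]);` still renders a suggestion string as HTML while the second hunk switches the corrected value over to `.text()`. If suggestions are plain words returned by the spellcheck backend, `$(dummy).text(suggestions[i]);` would close that path consistently with the rest of the fix; if they are intentionally markup, a comment stating that would save the next reader from re-raising it. The two `elm.innerHTML` arguments still passed to saveOldValue and updateOrginalText in the second hunk carry entity-encoded text, which is only correct if those callees expect HTML rather than the plain value now read with `$(elm).text()` — worth confirming against their definitions. The first hunk's only change appears to be whitespace, and showErrorWindow begins before the first hunk and continues past the second.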